Thursday, October 31, 2013

Provide an SFTP account for a team member but disable its SSH shell access

[Target]
1. Use the account 'sftp-user'
2. Store files in the folder '/sftp-folder'
3. Allow a team member to access it
4. Use an RSA public key (no password) for access control

[Step]
1. Prepare account 'sftp-user' and folder '/sftp-folder'
   Create a user 'sftp-user'
   Create a folder 'sftp-folder' on /
   Change the folder owner to root: 'chown root /sftp-folder'
   sshd only accepts a ChrootDirectory if that folder, and every folder above it, is owned by root and is not writable by group or others ('chmod 755 /sftp-folder'). Otherwise the login fails and the log shows "bad ownership or modes for chroot directory".
   Because of that rule, sftp-user cannot write into /sftp-folder itself. Create a subfolder for the files, e.g. '/sftp-folder/upload', and chown that one to sftp-user.

2. Modify the sshd setting, edit /etc/ssh/sshd_config

  sudo vi /etc/ssh/sshd_config

Replace the Subsystem line and add the Match block at the END of the file: every line after a 'Match' line belongs to that block until the next 'Match', so anything placed below it would only apply to sftp-user. The user and folder names must match step 1 exactly ('sftp-user' and '/sftp-folder', with hyphens).

================================================================
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Match User sftp-user
  ChrootDirectory /sftp-folder
  AllowTcpForwarding no
  X11Forwarding no
  ForceCommand internal-sftp
=================================================================

3. To disable shell (SSH) login for sftp-user
Change the login shell of 'sftp-user' from /bin/bash to /bin/false, either by editing /etc/passwd or with 'sudo usermod -s /bin/false sftp-user'. SFTP keeps working because 'internal-sftp' runs inside sshd itself and is started without a login shell; the external /usr/lib/openssh/sftp-server would need a real shell (and its libraries inside the chroot).

  sudo vi /etc/passwd

4. Edit the permission list
Add the team member's RSA public key to /home/sftp-user/.ssh/authorized_keys (note the trailing 's'). sshd reads this file before it enters the chroot, so it stays in the normal home directory, not under /sftp-folder. With the default 'StrictModes yes', the .ssh folder must be mode 700 and authorized_keys mode 600, both owned by sftp-user, or the key is ignored.

5. Restart sshd
Check the configuration first; a syntax error would stop sshd and lock everyone out, including you.

  sudo sshd -t
  sudo /etc/init.d/ssh restart
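The five steps above collected into one script, as an added example that is not part of the original post. It assumes a Debian/Ubuntu-style Linux host with GNU coreutils and OpenSSH 4.9 or newer (ChrootDirectory plus internal-sftp); 'sftp-user', '/sftp-folder' and the 'upload' subfolder are placeholders, and the Match block it appends adds 'PasswordAuthentication no' on top of the page's block so the account really is key-only (target 4). Run as root with '--apply' to change the system; without that flag it only defines the functions, and 'check_chroot_path' reproduces the ownership/mode rule sshd applies to the chroot path so you can see why a login would be refused before restarting anything.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Debian/Ubuntu-style
# Linux, GNU coreutils, OpenSSH >= 4.9; the account and folder names below
# are placeholders that may be overridden through the environment.

SFTP_USER="${SFTP_USER:-sftp-user}"
SFTP_ROOT="${SFTP_ROOT:-/sftp-folder}"
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# True if an octal mode (e.g. 755, 1777) grants write to group or others.
mode_writable_by_others() {
    case "${1#"${1%??}"}" in   # the last two digits: group and other
        *[2367]*) return 0 ;;
    esac
    return 1
}

# sshd only chroots into a path whose every component is owned by root
# and writable by root alone; this is that rule for one component.
chroot_component_ok() {   # usage: chroot_component_ok UID OCTAL_MODE
    [ "$1" -eq 0 ] && ! mode_writable_by_others "$2"
}

# Walk from the directory up to /, printing the first component sshd
# would reject. Returns 0 if the whole path is acceptable, 2 if stat fails.
check_chroot_path() {     # usage: check_chroot_path /absolute/dir
    p="$1"
    while :; do
        st=$(stat -c '%u %a' "$p") || return 2
        set -- $st
        if ! chroot_component_ok "$1" "$2"; then
            printf 'rejected: %s (uid %s, mode %s)\n' "$p" "$1" "$2" >&2
            return 1
        fi
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# The Match block from step 2, plus PasswordAuthentication no so the
# account is key-only. It must go at the END of sshd_config: every line
# after a Match line belongs to that block.
sshd_match_block() {      # usage: sshd_match_block USER CHROOT_DIR
    printf 'Match User %s\n' "$1"
    printf '    ChrootDirectory %s\n' "$2"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
    printf '    PasswordAuthentication no\n'
}

setup_sftp_account() {
    # Steps 1 and 3: account with no login shell. The home directory stays
    # outside the chroot; sshd reads ~/.ssh/authorized_keys before chrooting.
    id "$SFTP_USER" >/dev/null 2>&1 || useradd -m -s /bin/false "$SFTP_USER"
    grp=$(id -gn "$SFTP_USER")

    # Step 1: root-owned chroot root plus a subfolder the user may write to,
    # because the chroot root itself must not be writable by the user.
    mkdir -p "$SFTP_ROOT/upload"
    chown root:root "$SFTP_ROOT" && chmod 755 "$SFTP_ROOT"
    chown "$SFTP_USER:$grp" "$SFTP_ROOT/upload" && chmod 750 "$SFTP_ROOT/upload"
    check_chroot_path "$SFTP_ROOT" || return 1

    # Step 4: key file with the modes StrictModes requires (key added later).
    install -d -m 700 -o "$SFTP_USER" -g "$grp" "/home/$SFTP_USER/.ssh"
    touch "/home/$SFTP_USER/.ssh/authorized_keys"
    chown "$SFTP_USER:$grp" "/home/$SFTP_USER/.ssh/authorized_keys"
    chmod 600 "/home/$SFTP_USER/.ssh/authorized_keys"

    # Step 2: in-process SFTP subsystem and the Match block (appended once).
    sed -i 's|^Subsystem[[:space:]]\+sftp.*|Subsystem sftp internal-sftp|' "$SSHD_CONFIG"
    grep -q "^Match User $SFTP_USER\$" "$SSHD_CONFIG" \
        || sshd_match_block "$SFTP_USER" "$SFTP_ROOT" >> "$SSHD_CONFIG"

    # Step 5: never restart on a configuration that does not parse.
    sshd -t && /etc/init.d/ssh restart
}

if [ "${1:-}" = --apply ]; then
    setup_sftp_account
fi
```

Usage: 'sudo sh sftp-setup.sh --apply', then paste the team member's public key into /home/sftp-user/.ssh/authorized_keys. If you place the chroot somewhere else, run 'check_chroot_path' on that path first: a parent such as /tmp (mode 1777) or a group-writable /srv is enough for sshd to refuse the login.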

[TEST]
The team member generates an RSA key pair on their own Linux machine ('ssh-keygen -t rsa -b 4096') and sends only the public key (id_rsa.pub) to the sftp administrator.
After the key has been added to sftp-user's authorized_keys file, they can connect with sftp to the 'sftp-user' account:

  sftp sftp-user@somehome.com

A plain 'ssh sftp-user@somehome.com' must not give a shell any more; if it does, the Match block is not being applied (check its position in sshd_config and the spelling of the user name).